Lock Down WordPress – Part One

Believe it or not, this site averages 650 hacking attempts every day. There are so many attempts to get into it that we’ve stopped the email notices from the main plugin that we use to keep hackers out. Computers Made Simple is reasonably popular but it’s not remotely near the top of the list. Despite that, we get hundreds of hacking attempts every day. Here are some tips on how you can protect your WordPress site, big or small. Even if your site is brand new, hackers are trying to get into it.

We’ve written before about keeping your WordPress username separate from your posting name. Here is a link to that post: Username/Posting Name Should be Different 

While the two steps mentioned in our previous post are good, we’ve discovered a way that hackers can see your username, even if you have it set to something different than your posting name.

TIP: If you run a site with several contributors, make sure they read this post.

WordPress now allows you to have your author’s name displayed publicly as something different than your username. The importance of this can’t be ignored. If a hacker is able to discover your username, they are 50% of the way into getting access to your site. Don’t let them! If they don’t know your username, even if they somehow divine your password, they won’t be able to get into your WordPress installation.

Head to Users then edit your admin account, the one that has admin privileges, in other words. Hopefully you’re not still using admin as your username, right? If you are, it’s even more important to change it now.

Look for this section on the editing page:

Photo of WordPress page
Make your first name that does not resemble your username. Your nickname could be anything, or blank. Display name will be your first name.

 

The important thing here is to make sure your username is:

1. Not Admin

2. Not in the ‘Display name publicly as’ space.

Nickname is not required, so don’t worry about it. If your username is still admin, change it using these instructions:

Protect Your WordPress Site

At this point you’ve prevented hackers from discovering your username. As long as it’s not ‘admin’, they won’t be able to get in, even if they know the password.

In our next post we’ll detail another way to lock down your WordPress site.

Comments and questions are welcome but  Likes on our Facebook page get immediate attention.  Here’s the link: Computers Made Simple on Facebook . Thanks for reading!

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *